More than half of Singapore respondents to a CrowdStrike-commissioned survey believe their devices are only somewhat secure against advanced cyber threats

More office workers in Singapore are working remotely amid the Covid-19 coronavirus outbreak, but not everyone is using company-issued devices, raising the risk of falling prey to cyber attackers on the prowl for susceptible victims.

According to a study commissioned by CrowdStrike, nine in 10 respondents in Singapore are now working remotely more often or about the same as before, with almost three-quarters working remotely more often as a direct result of the pandemic.

In doing so, 70% of respondents are using personal devices, including laptops and mobile devices, to do their jobs, while 97% use a mix of company-issued and personal devices.

These respondents appear to be aware of the security risks arising from unpatched devices and insecure networks, with 56% believing their devices were only “somewhat secure” against advanced cyber threats.

A further 12% said the devices they were using to work from home were “not very secure” or “not secure at all”.

Those working for small businesses with one to 100 employees are at even greater risk, with 61% saying their employer had not given such training.

“Maintaining security in the face of this global office exodus presents significant risks for most organisations”
Michael Sentonas, CrowdStrike

The study was conducted by YouGov on behalf of CrowdStrike between 14 and 26 April 2020, involving more than 4,000 senior decision-makers in Australia, France, Germany, the UK, India, Japan, the Netherlands, Singapore and the US.

Michael Sentonas, chief technology officer at CrowdStrike, said the cyber security firm was already hearing about the profound challenges of businesses that are supporting directives for employees to vacate offices and work from home.

“Maintaining security in the face of this global office exodus presents significant risks for most organisations,” said Sentonas.

To mitigate these risks, he advised organisations to review security policies, which need to include remote working access management, the use of personal devices, and data privacy considerations for employee access to documents and other information.

He added that personal devices needed to have the same level of security as a company-owned device, and that organisations should consider the privacy implications of personal devices connecting to a business network.

As home Wi-Fi networks may not have the same security controls used in traditional offices, Sentonas said organisations would need to put more focus on data privacy and hunt for intrusions from more entry points.

An Interpol-coordinated cyber operation leads to the arrest of three people in Indonesia who allegedly used JavaScript-sniffer malware to steal payment card details of online shoppers.

He also stressed the importance of instilling good cyber security practices among employees, with government agencies such as Singapore’s Cyber Security Agency (CSA) having already warned the public about coronavirus-related phishing attacks and scam campaigns.

In April 2020, the CSA sounded the alarm on calls from scammers impersonating CSA officials who claim to be investigating suspicious activities on their victims’ computer or network.

The victims are asked to install remote desktop access software on their computers. The scammers might also use the CSA logo when they carry out the remote installation and request for payments to resolve the issue.

“Continuous end-user education and communication are extremely important and should include ensuring that remote workers can contact IT quickly for advice. Organisations should also consider employing more stringent email security measures,” he said.

Content Continues Below

Download this free guide

Getting Cloud Security Right

Let's face it, cloud security can be done very wrong. Let's learn to do it right.
Regular Computer Weekly contributor Peter Ray Allison explores this issue, weighing up the questions organisations should be asking of their cloud service providers, and whose responsibility cloud security should be.

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

Start the conversation

0 comments

Register

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.